PayPal Security Loophole

[Image: Banknote - 50.000.000 Mark - Deutsches Reich - 25.07.1923, public domain]

Criminals see PayPal-related messages as an easy route for fraud. Many such requests are quick to spot because they do not relate to any known purchase. Another tell-tale sign is that the sender's details and any web links within the message do not follow the expected PayPal URL format, although scammers often go a long way towards imitating it.

One way that fraudsters avoid being revealed through the message header code or URL text is to work from within a genuine PayPal account. This could be one that they own or a compromised account that they have gained access to. The receiver of the message will be reassured that the email headers and PayPal links are all genuine (because they are), and following them through will lead to details of an authentic transaction request on PayPal. The trick is to put the key to the scam within the 'note' section of a genuine invoice or request for funds. This section is designed for messages about the goods exchanged but is not strongly regulated by PayPal. A genuine use might be to give the address to send goods to, but in this scam it will include details on how to complain if the transaction seems to be in error. Those contact details will not lead to PayPal but to a portal controlled by the fraudster.

The hook revolves around sending a PayPal invoice or request for funds that is clearly in error and relying on the receiver believing they are reporting the incident to PayPal. The contact web link or phone number listed within the transaction note is the entry into the fraudster's system. The mark will attempt to report the PayPal transaction to avoid any automated transfer of funds but instead will be tricked into disclosing personal details or downloading malware. In this example from KrebsOnSecurity a spoof call centre attempted to have the mark download a remote administration tool.

PayPal recognise that scammers attempt to manipulate their systems and offer advice to users who see suspicious activity. Where a request appears to be from PayPal, the receiver should look up PayPal's contact details online and not rely on any embedded within the original message. The original message should be forwarded to phishing@paypal.com, who will investigate the source account.
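Because the headers and links in these messages are genuine, the only place the fraud shows is the free-text note. The following added example (not code from the post or from PayPal) is a defender-side filter for that field: it pulls out any URL, email address or phone number a note offers as a contact route and treats anything not under paypal.com as high risk. The two notes, the trusted-domain list and the contact-word list are constructed assumptions for the demonstration, and the phone check only fires when the digits follow a word inviting contact, so an order or invoice reference of similar length is not flagged.

```python
import re
from urllib.parse import urlparse

# Assumption for this example: PayPal's own domain is the only one a
# genuine invoice or money request should point the recipient at.
TRUSTED_DOMAINS = ("paypal.com",)

URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"')\]]+", re.IGNORECASE)
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# A digit run with optional +, brackets, spaces, dots or dashes in between.
PHONE_RE = re.compile(r"\+?\(?\d[\d\s().-]{8,18}\d")
# Words that turn a digit string into an invitation to make contact.
CONTACT_WORDS = re.compile(
    r"\b(call|phone|tel|telephone|dial|ring|contact|helpline|hotline|support)\b",
    re.IGNORECASE,
)

# Constructed sample notes: one carrying the scam hook, one ordinary.
FRAUD_NOTE = (
    "Your purchase of a Gaming Console ($499.00) is confirmed. If you did not "
    "authorise this transaction call our billing desk on +1 (888) 555-0142 "
    "within 24 hours or visit https://paypal-disputes.example.net/cancel to cancel."
)
GENUINE_NOTE = (
    "Thanks for buying the blue ceramic vase. Please confirm your delivery "
    "address and we will post it within 3 working days. Track it at "
    "https://www.paypal.com/activity once it has shipped."
)


def _domain_trusted(host, trusted):
    # Exact match or a proper subdomain; "paypal.com.evil.example" fails.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)


def _url_host(url):
    if not url.lower().startswith(("http://", "https://")):
        url = "http://" + url
    return urlparse(url).hostname or ""


def find_embedded_contacts(note, trusted=TRUSTED_DOMAINS):
    """Return (kind, value) pairs for every contact route found in a note."""
    findings = []
    for m in URL_RE.finditer(note):
        url = m.group(0).rstrip(".,;:!?")
        kind = "trusted_url" if _domain_trusted(_url_host(url), trusted) else "external_url"
        findings.append((kind, url))
    for m in EMAIL_RE.finditer(note):
        addr = m.group(0).rstrip(".,;:")
        domain = addr.rsplit("@", 1)[1]
        kind = "trusted_email" if _domain_trusted(domain, trusted) else "external_email"
        findings.append((kind, addr))
    for m in PHONE_RE.finditer(note):
        digits = re.sub(r"\D", "", m.group(0))
        if not 10 <= len(digits) <= 15:
            continue
        # Only count the digits as a phone number when the preceding text
        # invites the reader to make contact; this keeps order or invoice
        # references of similar length from being flagged.
        window = note[max(0, m.start() - 40):m.start()]
        if CONTACT_WORDS.search(window):
            findings.append(("phone", m.group(0).strip()))
    return findings


def note_risk(note, trusted=TRUSTED_DOMAINS):
    """'high' when the note offers any contact route outside PayPal, else 'low'."""
    findings = find_embedded_contacts(note, trusted)
    risky = [f for f in findings if f[0] in ("external_url", "external_email", "phone")]
    return ("high" if risky else "low"), findings


if __name__ == "__main__":
    for label, note in (("fraud", FRAUD_NOTE), ("genuine", GENUINE_NOTE)):
        level, found = note_risk(note)
        print(f"{label}: {level} {found}")
```

Run on the two sample notes, the fraudulent one is rated high because of the external URL and the phone number that follows "call", while the genuine one is rated low since its only link sits under paypal.com. Rating any phone number as risky, even a correct-looking one, matches the advice above: the recipient should find PayPal's contact details independently rather than use any embedded in the message.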
